common/default.nix

@@ -57,7 +57,6 @@
     shell = pkgs.fish;
     openssh.authorizedKeys.keys = (import ./ssh.nix).users;
     hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/";
-    uid = 1000;
   };
   nix.trustedUsers = [ "root" "googlebot" ];
 

common/hosts.nix

@@ -3,11 +3,6 @@
 let
   system = (import ./ssh.nix).system;
 in {
-  networking.hosts = {
-    # some DNS providers filter local ip results from DNS request
-    "172.30.145.180" = [ "s0.zt.neet.dev" ];
-  };
-
   programs.ssh.knownHosts = {
     liza = {
       hostNames = [ "liza" "liza.neet.dev" ];

common/pc/chromium.nix

@@ -63,7 +63,7 @@ in {
         "fihnjjcciajhdojfnbdddfaoknhalnja" # I don't care about cookies
         "mnjggcdmjocbbbhaepdhchncahnbgone" # SponsorBlock
         "dhdgffkkebhmkfjojejmpbldmpobfkfo" # Tampermonkey
-        # "ehpdicggenhgapiikfpnmppdonadlnmp" # Disable Scroll Jacking
+        "ehpdicggenhgapiikfpnmppdonadlnmp" # Disable Scroll Jacking
       ];
       extraOpts = {
         "BrowserSignin" = 0;

common/pc/default.nix

@@ -17,7 +17,6 @@ in {
     ./discord.nix
     ./steam.nix
     ./touchpad.nix
-    ./mount-samba.nix
   ];
 
   options.de = {

common/pc/mount-samba.nix

@@ -1,36 +0,0 @@
-# mounts the samba share on s0 over zeroteir
-
-{ config, lib, ... }:
-
-let
-  cfg = config.services.mount-samba;
-
-  # prevents hanging on network split
-  network_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-
-  user_opts = "uid=${toString config.users.users.googlebot.uid},file_mode=0660,dir_mode=0770,user";
-  auth_opts = "credentials=/run/agenix/smb-secrets";
-  version_opts = "vers=2.1";
-
-  opts = "${network_opts},${user_opts},${version_opts}";
-in {
-  options.services.mount-samba = {
-    enable = lib.mkEnableOption "enable mounting samba shares";
-  };
-
-  config = lib.mkIf (cfg.enable && config.services.zerotierone.enable) {
-    fileSystems."/mnt/public" = {
-        device = "//s0.zt.neet.dev/public";
-        fsType = "cifs";
-        options = ["guest,${opts}"];
-    };
-
-    fileSystems."/mnt/private" = {
-        device = "//s0.zt.neet.dev/googlebot";
-        fsType = "cifs";
-        options = ["${auth_opts},${opts}"];
-    };
-
-    age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age;
-  };
-}

common/server/samba.nix

@@ -24,6 +24,18 @@
         load printers = yes
         printing = cups
         printcap name = cups
+
+        # encryption
+        server smb encrypt = desired
+
+        # gotta go fast https://wiki.archlinux.org/title/Samba#Improve_throughput
+        server multi channel support = yes
+        deadtime = 30
+        use sendfile = yes
+        min receivefile size = 16384
+        aio read size = 1
+        aio write size = 1
+        socket options = IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT SO_RCVBUF=131072 SO_SNDBUF=131072
       '';
 
       shares = {
@@ -37,28 +49,16 @@
           "force user" = "public_data";
           "force group" = "public_data";
         };
-        googlebot = {
+        private = {
-          path = "/data/samba/googlebot";
+          path = "/data/samba/Private";
           browseable = "yes";
           "read only" = "no";
           "guest ok" = "no";
-          "valid users" = "googlebot";
           "create mask" = "0644";
           "directory mask" = "0755";
           "force user" = "googlebot";
           "force group" = "users";
         };
-        cris = {
-          path = "/data/samba/cris";
-          browseable = "yes";
-          "read only" = "no";
-          "guest ok" = "no";
-          "valid users" = "cris";
-          "create mask" = "0644";
-          "directory mask" = "0755";
-          "force user" = "root";
-          "force group" = "users";
-        };
         printers = {
           comment = "All Printers";
           path = "/var/spool/samba";

machines/ray/configuration.nix

@@ -49,8 +49,6 @@
 
   services.zerotierone.enable = true;
 
-  services.mount-samba.enable = true;
-
   de.enable = true;
   de.touchpad.enable = true;
 }

machines/storage/s0/configuration.nix

@@ -173,15 +173,6 @@
           runHook postInstall
         '';
       });
-
-      pykms = prev.pykms.overrideAttrs (old: {
-        src = pkgs.fetchFromGitHub {
-          owner = "Py-KMS-Organization";
-          repo = "py-kms";
-          rev = "7bea3a2cb03c4c3666ff41185ace9f7ea2a07b99";
-          sha256 = "90DqMqPjfqfyRq86UzG9B/TjY+yclJBlggw+eIDgRe0=";
-        };
-      });
     })
   ];
 }

secrets/secrets.nix

@@ -17,5 +17,4 @@ in
   "spotifyd.age".publicKeys = all;
   "wolframalpha.age".publicKeys = all;
   "cloudflared-navidrome.json.age".publicKeys = all;
-  "smb-secrets.age".publicKeys = all;
 }